Fwd: FW:
Hi,

I am sending an Access-Request packet using radeapclient without a password. I am giving the following attributes in radeapclient:

    User-Name= testuser
    EAP-Code = Response
    EAP-Id = 210
    EAP-Type-Identity = testuser
    Message-Authenticator = 0x00

But the server is sending Access-Reject to the request. Following are the logs of radeapclient:

    User-Name= testuser
    EAP-Code = Response
    EAP-Id = 210
    EAP-Type-Identity = testuser
    Message-Authenticator = 0x00

    +++ About to send encoded packet:
        User-Name = testuser
        EAP-Code = Response
        EAP-Id = 210
        EAP-Type-Identity = testuser
        Message-Authenticator = 0x00
    +++ EAP decoded packet:
        EAP-Message = 0x01d3001604107b44069aa80b67319a536bfd4f8ac713
        Message-Authenticator = 0xb4499f3ee54742d9dd8469980720dcf6
        State = 0x8a52e3488a81e7f33f4b54075fcd3936
        EAP-Id = 211
        EAP-Code = Request
        EAP-Type-MD5 = 0x107b44069aa80b67319a536bfd4f8ac713

    +++ About to send encoded packet:
        User-Name = testuser
        EAP-Code = Response
        EAP-Id = 211
        Message-Authenticator = 0x
        EAP-Type-MD5 = 0x10d2c45d5e328b2b2db8bd66c7d171635d
        State = 0x8a52e3488a81e7f33f4b54075fcd3936
    +++ EAP decoded packet:
        EAP-Message = 0x04d30004
        Message-Authenticator = 0xf6f7e2707ef22ea86a660a4ddce7fb30
        EAP-Id = 211
        EAP-Code = Failure

On further investigation, I found an example to test eap-md5 in the source code { freeradius-2.1.8 } in src/tests.

The example is:

    echo 'User-Name = eapmd5'
    echo 'Cleartext-Password = md5md5'
    echo 'NAS-IP-Address = marajade.sandelman.ottawa.on.ca'
    echo 'EAP-Code = Response'
    echo 'EAP-Id = 210'
    echo 'EAP-Type-Identity = eapsim'
    echo 'Message-Authenticator = 0'
    echo 'NAS-Port = 0'
    )

But EAP RFC3579 and RFC2869 state that User-Password should not be part of a radius packet containing an EAP-Message attribute. It is written that “An Access-Request that contains either a User-Password or CHAP-Password or ARAP-Password or one or more EAP-Message attributes MUST NOT contain more than one type of those four attributes. If it does not contain any of those four attributes, it SHOULD contain a Message-Authenticator. If any packet type contains an EAP-Message attribute it MUST also contain a Message-Authenticator.”

Please let me know if any specific configuration needs to be done on the server so that the server sends Access-Accept.

Thanks in advance.
Arpit

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
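
The EAP-Message values in the log above can be decoded by hand. The following is an added example (not part of the original post and not FreeRADIUS code) that parses them and checks a logged MD5-Challenge response against one candidate secret, using the MD5(Identifier || secret || Challenge) construction that EAP-MD5 takes from CHAP. The function names `parse_eap`, `md5_response` and `response_uses_secret` are hypothetical.

```python
import hashlib
import hmac
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_MD5 = 4

# Values copied from the radeapclient log in the message above.
CHALLENGE_REQ = "0x01d3001604107b44069aa80b67319a536bfd4f8ac713"  # EAP-Message
LOGGED_RESPONSE = "0x10d2c45d5e328b2b2db8bd66c7d171635d"          # EAP-Type-MD5
FINAL_REPLY = "0x04d30004"                                        # EAP-Message

def _unhex(value):
    return bytes.fromhex(value[2:] if value.lower().startswith("0x") else value)

def parse_eap(hex_value):
    """Decode an EAP-Message value: Code, Identifier, Length, then Type data."""
    raw = _unhex(hex_value)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP Length field does not match the attribute size")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:        # Success/Failure carry no Type
        pkt["type"] = raw[4]
        if raw[4] == EAP_TYPE_MD5:           # Value-Size byte, then the Value
            if length < 6 or 6 + raw[5] > length:
                raise ValueError("MD5 Value-Size runs past the packet")
            pkt["value"] = raw[6:6 + raw[5]]
    return pkt

def md5_response(ident, secret, challenge):
    """MD5-Challenge response: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def response_uses_secret(request_hex, eap_type_md5_hex, secret):
    """True if the logged EAP-Type-MD5 value was computed from `secret`."""
    req = parse_eap(request_hex)
    logged = _unhex(eap_type_md5_hex)
    if not logged or logged[0] != len(logged) - 1:
        raise ValueError("bad Value-Size in EAP-Type-MD5")
    expected = md5_response(req["id"], secret, req["value"])
    return hmac.compare_digest(expected, logged[1:])

if __name__ == "__main__":
    print(parse_eap(CHALLENGE_REQ))
    print(parse_eap(FINAL_REPLY))
    print("response built from an empty secret:",
          response_uses_secret(CHALLENGE_REQ, LOGGED_RESPONSE, b""))
```

Run against the log, this shows which secret the client actually hashed into its response, which is the value the server compares against the password it has on file for the user.
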
[no subject]
Hi,

Can we send an accounting request using radeapclient? I am getting the following error:

    radeapclient -x 172.168.200.15 acct testing123
    User-Name= testuser
    EAP-Code = Response
    EAP-Id = 210
    EAP-Type-Identity = testuser
    Message-Authenticator = 0x00

    +++ About to send encoded packet:
        User-Name = testuser
        EAP-Code = Response
        EAP-Id = 210
        EAP-Type-Identity = testuser
        Message-Authenticator = 0x00
    rlm_eap: EAP-Message not found
    +++ EAP decoded packet:

Regards,
Arpit

Generate Access-Challenge from radius server
Hi,

I want to generate an Access-Challenge from the radius server on an Access-Request packet while using CHAP. But the server is not generating a challenge packet for any of the Access-Requests. I am using radclient.

Please tell me the configuration to be done on the radius server as well as the attributes to be sent in the Access-Request through radclient, so that the radius server can send an Access-Challenge packet while replying to the Access-Request packet.

I am executing the following command from radclient:

    radclient -x server-ip-address auth secretkey
    User-Name = testuser
    CHAP-Password = testing
    ctrl+d

Thanks,
Arpit

Re: Generate Access-Challenge from radius server
I need an Access-Challenge from the radius server. What attributes should I send through radclient to generate an Access-Challenge from the radius server? Is there any specific configuration on the radius server to generate the Access-Challenge packet?

On 25 Oct 2012 16:12, Alan DeKok al...@deployingradius.com wrote:

> Arpit Jain wrote:
> > I want to generate Access-Challenge from radius server on Access-Request packet while using CHAP.
>
> That's not how CHAP works.
>
> > But server is not generating challenge packet for any of the Access-request, I am using radclient.
>
> Because CHAP doesn't send Access-Challenge.
>
> > Please tell the configurations to be done on the radius server as well as attributes to be sent in Access-Request through radclient, so that radius server can send Access-Challenge packet while replying Access-Request packet.
>
> There is none. What you want to do is not part of standard RADIUS.
>
> Alan DeKok.
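
As an added illustration of the reply above (not code from FreeRADIUS or from either poster): in RADIUS CHAP per RFC 2865, the challenge is generated on the NAS side and travels inside the Access-Request, so the server can verify the response from that single packet and answer with Access-Accept or Access-Reject. The function names and the challenge bytes are constructed for this sketch.

```python
import hashlib
import hmac

def nas_chap_attributes(password, chap_id, challenge):
    """Attributes the NAS (or a test client standing in for it) sends."""
    digest = hashlib.md5(bytes([chap_id]) + password + challenge).digest()
    return {"User-Name": "testuser",
            "CHAP-Password": bytes([chap_id]) + digest,   # 1 + 16 octets
            "CHAP-Challenge": challenge}

def server_reply(attrs, request_authenticator, known_password):
    """Verify CHAP from a single Access-Request; never returns Access-Challenge."""
    chap = attrs.get("CHAP-Password", b"")
    if len(chap) != 17:
        return "Access-Reject"
    # RFC 2865: without a CHAP-Challenge attribute, the 16-octet Request
    # Authenticator of the Access-Request is the challenge.
    challenge = attrs.get("CHAP-Challenge", request_authenticator)
    expected = hashlib.md5(chap[:1] + known_password + challenge).digest()
    ok = hmac.compare_digest(expected, chap[1:])
    return "Access-Accept" if ok else "Access-Reject"

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    challenge = bytes(range(16))
    attrs = nas_chap_attributes(b"testing", 7, challenge)
    print(server_reply(attrs, b"\x00" * 16, b"testing"))
    print(server_reply(attrs, b"\x00" * 16, b"other"))
```
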
Compliance testing of Free Radius Client
Hi All,

Please help!!!

Query #1:

*I want to perform RFC compliance testing of FreeRadius client (not server) available with freeradius package.* In other words, I want to perform compliance testing on the radclient and radeapclient binaries available with the freeradius package.

On investigation, I found that the manpage of radclient states:

    radclient is a radius client program. It can send arbitrary radius packets to a radius server, then shows the reply. It can be used to test changes you made in the configuration of the radius server, or it can be used to monitor if a radius server is up.

Does it mean that the freeradius client is just a dummy client and there is no point in performing compliance testing on it?

I tried to run the “radclient” binary. I executed the following command for this:

    ./radclient server-ip auth secret-key

Once the above command is executed, the control waits for the attributes entry. After the attributes are written, radclient sends the radius request packet, receives the response from the server and then exits. To send any authentication or authorization request again, the radclient binary needs to be executed again.

As per my understanding, the binary should not have exited, as a radius client sends the Access-Request itself once it receives a request for any service from the user. Also, if the server does not respond, the radius client shall send the request to an alternate server. This means that the radius client can handle the user requests at runtime also. So it should not exit.

*Please let me know if I need some extra configuration to achieve the above functionality.*

Query #2:

In RFC 2131, it is mentioned that there are three entities in any freeradius setup: USER, RADIUS CLIENT, RADIUS SERVER. Does the freeradius package provide a separate binary/module for the USER application? If not, can we consider RADIUS CLIENT as our USER as well?

Thanks,
Arpit